RSS
Twitter
Escaped The Largest Credit Card Data Breach Ever? Well, Here's Another One...
from the just-assume-someone-else-has-your-cc-info dept
Remember last month when a credit card payment processor was forced to admit a security breach that could impact 100 million people? Well, if you were lucky enough not to get caught up in that breach, there's apparently another one to worry about. Visa and Mastercard are issuing a new warning over a different payment processor whose system was apparently compromised as well. At this rate, it's getting silly to have static credit card numbers, since it seems like we're replacing our cards every few months anyway.
Reader Comments (rss)
(Flattened / Threaded)
I think they do it on purpose
It wont be long before there is a bill introduced to remove the obligation to report these incidents. It will be cleverly named something like the Truth In Data Breaches Act. Then when you report invalid charges on your account they will act like it is all your fault.
(reply to this comment) (link to this comment)
Verified Addresses, Bio Identifiers
AND THE MARK OF THE BEAST!!! Beware everyone. the end time are upon us. The antichrist will rise soon and force us all to get RFID chips containing all of our financial information implanted in out hands or on our foreheads!!!!!
but at least our information will be "secure"
(waits for people to think I'm serious)
I really should start using virtual credit card numbers for websites, but even then it doesn't help the real cards I get having their information stolen.
hmmmm, what could be a good solution. How about a payment system for online purchases that generates a number for each individual merchant. If a charge comes through for a number that is specific to a merchant, but from somewhere else, then the bill goes to the merchant the "lost" the number. Then for an actual card, how about combine fingerprint and the card to make it work. might not be reasonable, but it is much more secure than a digital signiture.
(reply to this comment) (link to this comment)
Re: Verified Addresses, Bio Identifiers
"hmmmm, what could be a good solution."
- Companies actually giving a shit ?
(reply to this comment) (link to this comment)
Identity Crisis
I wonder how much Identity Theft has to do with the current crisis. We all hear about mortgages, but with that post about the Nigerian Scam perpetrated on CitiBank, Im surious what role Identity theft has in this whole mess. If it isn't completely manufactured in the first place. How many of these failing financial institutions (potential bailout recipients) would be willing to admit that they are victims of scams around the planet ?
(reply to this comment) (link to this comment)
Re: Identity Crisis
surious = curious
late night, sry
(reply to this comment) (link to this comment)
Think of the children!
I'm sure advocates of keeping wifi logs for at least two years, wiretapping U.S. citizens, and those who would make file sharing illegal will be adding this to their defense. "See! Look how much child porn was purchased with stolen credit card numbers! Using credit cards should be illegal. Think of the children!"
Honestly, I don't think we're far off from having mandatory RFID tags. They already put them in credit cards, passports, its not a far strech to think they will be added to state ID and drivers licenses.
(reply to this comment) (link to this comment)
I activated my last replacement card less than a week ago. Maybe they can just send me two more right away that way I don't have to wait so long between data breaches.
(reply to this comment) (link to this comment)
Re: Verified Addresses, Bio Identifiers
In order for something like that to work, you'd need a unique identifier generated from a combination of merchant id, merchant location, shopper id, shopper location, and time/date of transaction. Keyword here is UNIQUE. Use a separate method of verifying the components of the unique transaction identification--verifies ALL of the info--and, of course, you'd have to make it un-spoofable.
Good luck with that.
(reply to this comment) (link to this comment)
fear mongering?
I have had credit cards for better then 20 years and have never nad to change a number or been the victim of any fruad. I take only general "thinking person" precautions and have only had to change cards on a couple occasions and each time only because I myself lost the card (I would also point out that I never cary cash and do absolutely everything on credit cards).
Im not sure this hysteria is really all that productive. Especially when the credit card companies themselves absorb the vast majority of fraud people actually do encounter (which I suspect is much much much lower then many in the media - and security business- would have us think).
(reply to this comment) (link to this comment)
Pin Me
When is the use of Credit Cards going to require the entry of PIN numbers as well as the swipe. Then we could change our PINs every 30 days.
(reply to this comment) (link to this comment)
Re: Re: Verified Addresses, Bio Identifiers
Why not have credit cards that have rotation numbers similar to RSA's SecurID authentication tokens? Combine that with a pin, and you have a more secure card.
(reply to this comment) (link to this comment)
A benefit to disposable numbers
Since this case only involves card-not-present transactions like Internet sales, it looks like using disposable numbers can give me peace of mind on this one. Am using Bank of America's ShopSafe that issues unique numbers through a Flash applet, but there are other solutions too. It is a shame that I now have to be more worried about using the cc at a restaurant or gas station, and having been through trying to get false charges reversed with another bank it is something that concerns me.
Something like chip-and-pin in the UK would be a step forward, but apparently that system sadly wasn't designed to be as resistent to direct hardware tampering as it could/should have been. It would be so nice for a change to see a mass-market security system rolled out where white-hats were given a chance to find obvious weaknesses before millions of people were using the thing.
(reply to this comment) (link to this comment)
One popular approach is to transfer your high-interest credit card debt to some lower-interest loan - either a home equity loan or a low-interest card http://www.credit-cards-rates.co.cc
(reply to this comment) (link to this comment)
Credit Cards
I have got new credit cards that resolves all my problems from kotakcards. All of you can also get the best credit card deals online form Kotak Credit Cards. It’s time to get the best rewards from your credit card. Apply for free online credit cards available offered at http://www.kotakcards.com/
(reply to this comment) (link to this comment)
Re: fear mongering?
Actually the credit card companies do NOT absorb the majority of the fraud...the breached merchants do. I know..I'm one of them and there are thousands of merchants nation wide who have agreed to do this so they can continue to process credit cards in their businesses. It's sad...smacks of paying protection money to the mob...black mail...call it what you want. But the credit card companies won't take you unless you agree to pay any "charge backs" to cards that were compromised if their system is hacked.
It's quite a racket! I was impressed. Sickened...but impressed...and it's legal. Go figure.
(reply to this comment) (link to this comment)
Add Your Comment